Multi-account, multi-region, multi-environment AWS CDK and Golang cloud application playground.
Tools: make, nodejs, docker, sops, aws-cli, awk, sed, xargs, yq, age.
Follow the bootstrapping instructions to prepare the local and AWS environments. Use make commands to run operations.
- git clone ... - Clone this git repo
- Edit configuration parameters in config.yaml
- make init - Install dependencies
- make bootstrap-cdk - Bootstrap CDK for all app regions
- make bootstrap-github-oidc - Optionally bootstrap GitHub OIDC if GitHub Actions are used for deployments
- make bootstrap-secret-key - Generate age secret key and store it in the cloud
- make init - install infra dependencies
- make bootstrap-cdk - bootstrap cdk for all apps regions
- make bootstrap-github-oidc - deploy cfn stack with github oidc
- make bootstrap-secret-key - generate age secret key and store it in the cloud
- make build - build all
- make build-lambdas - build lambdas
- make build-infra - build infra deployer container image
- make clean - remove compiled lambdas and decrypted secrets
- make clean-secrets - remove decrypted secrets file
- make clean-lambdas - remove compiled lambdas
- make sops-edit-(config|secrets) - edit encrypted secrets file or create new one
- make sops-decrypts-(config|secrets) - decrypt secrets into plain text file
- make sops-encrypt-(config|secrets) - encrypt secrets from plain text file
- make secrets-aws-update - set secrets in aws from decrypted secrets
- make secrets-aws-delete regcode=euc1 - delete secrets in aws
CDK commands support additional arguments: app, stage and regcode. Their defaults are set in Makefile and equal to make app=deployer-glb stage=dev regcode='*'.
list:
- make ls - list infra stacks for given region
- make lsa - list infra stacks for all regions
- make lsa-all - list all stacks for all apps
- make metadata - show stacks metadata
diff:
- make diff - diff infra changes
- make diff-all - diff infra changes for all apps
deploy:
- make deploy - deploy infra & lambdas
- make deploy-all - deploy infra & lambdas for all apps
outputs:
- make outputs - display stack outputs
- make outputs-all - display stack outputs from all apps for given region
destroy:
- make destroy - destroy stacks
- make destroy-all - destroy stacks from all apps
System apps:
- deployer-glb - apps deployer (single-region)
- monitor-glb - monitor app (single-region)
- monitor - monitor app (multi-region)
User apps:
- be - backend api app (multi-region)
- fe - frontend app (single-region)
Stages and their environment configurations are defined under the stages section in config.yaml.
The deployer-glb application manages deployments of all other applications, including delivering its own updates.
The main job of the deployer is to run CloudFormation stack updates. It uses CodeBuild to trigger updates and CodePipeline to orchestrate the flow.
- Upload deployer container image to ECR repo.
- Upload deployment config to artifacts S3 bucket.
- Trigger and monitor pipeline execution.
- Fetch deployment config from artifacts S3 bucket.
- Trigger CodeBuild RO project to run make diff command.
  - Download container image from ECR.
  - Get secret key to decrypt password file.
  - CloudFormation diff.
- Manual approve step in AWS CodePipeline.
- Trigger CodeBuild RW project to run make deploy command.
  - Get secret key to decrypt password file.
  - Download container image from ECR.
  - CloudFormation deploy.
  - Create/update secrets in SecretsManager.
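The flow above runs make diff in the CodeBuild RO project before the manual approval and make deploy in the RW project; taking RO and RW to mean read-only and read-write, the added Go example below (not code from this repository) parses an IAM policy document and reports every allowed action that is not read-only, which is one way to confirm the diff stage cannot change stacks before approval. The sample policy and the list of read-only verbs are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Verbs accepted as non-mutating: an assumption to tune per service.
var readOnly = regexp.MustCompile(`(?i)^[a-z0-9-]+:(describe|get|list|batchget)`)

// Constructed policy for an RO (diff) role that has drifted; not the project's own.
const sampleDrifted = `{"Statement":[{"Effect":"Allow","Resource":"*","Action":
 ["cloudformation:Describe*","cloudformation:ExecuteChangeSet","s3:*"]},
 {"Effect":"Deny","Resource":"*","Action":"cloudformation:DeleteStack"}]}`

type stmt struct {
	Effect            string
	Action, NotAction json.RawMessage
}

// MutatingActions lists each allowed action that is not provably read-only.
func MutatingActions(policy string) ([]string, error) {
	var doc struct{ Statement []stmt }
	if err := json.Unmarshal([]byte(policy), &doc); err != nil {
		return nil, err
	}
	var bad []string
	for _, s := range doc.Statement {
		var acts []string
		var one string // Action may be one string or a list
		if json.Unmarshal(s.Action, &acts) != nil && json.Unmarshal(s.Action, &one) == nil {
			acts = []string{one}
		}
		if len(s.NotAction) > 0 {
			acts = append(acts, "NotAction") // Allow + NotAction grants all but the listed
		}
		for _, a := range acts {
			if s.Effect == "Allow" && !readOnly.MatchString(a) {
				bad = append(bad, a)
			}
		}
	}
	return bad, nil
}

func main() {
	fmt.Println(MutatingActions(sampleDrifted))
}
```

A policy the function cannot parse comes back as an error rather than an empty list, so a caller that treats any error as a failure stays fail-closed.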
Automated pipelines use deployer container image to execute deployments.
# build lambdas and infra deployer container image
% make lambdas infra
# run simple command
% docker run --rm -it infra lsa-all
# run command with AWS access
% docker run --rm -it \
    -e AWS_ACCESS_KEY_ID \
    -e AWS_SECRET_ACCESS_KEY \
    infra app=be diff
# run command with custom config file
% docker run --rm -it \
    -v "$PWD/config.yaml:/app/config.yaml" \
    infra app=be lsa